ClawHub

Gateway Monitor Auto Restart

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-built for gateway monitoring, but it installs unattended recurring control over a local service and can kill/restart processes without enough user control or safety documentation.

Install only if you intentionally want an unattended watchdog for your OpenClaw gateway. Review the cron entry and gateway_monitor.sh first, confirm how you will remove the cron job, and avoid production or shared machines unless you are comfortable with automatic restarts and broad process termination.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README promotes automatic restarting of a gateway service when it is "unresponsive" but does not warn users that this can interrupt active sessions, mask underlying failures, or cause repeated service disruption if the health check is wrong. In a system-management skill, undocumented automatic restart behavior increases operational risk because users may install it without understanding that it can forcibly alter service state on a schedule.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly states that it will automatically install a cron job and restart a gateway service, but it does not present this as a clear safety warning or require explicit user acknowledgement. Automatic modification of system scheduling and service state can disrupt production environments, interfere with existing maintenance policies, and create persistence-like behavior if the user did not knowingly consent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script kills processes matching a broad pattern and restarts the gateway automatically with no user confirmation or interactive warning. In an agent/skill context, this can disrupt legitimate processes, create denial-of-service conditions, and allow unintended operational changes to occur silently if the script is triggered unexpectedly or abused.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal